How to record digital evidence
If you suspect you've had a privacy breach you should collect evidence such as screenshots.
Follow our guidelines for how to record digital evidence effectively.
Finding out that your personal information has been shared without consent can be highly distressing. If your data has been exposed online, there are two main organisations in New Zealand that can assist you. This guide will help you understand the relevant privacy breach laws and determine which organisation can best address your situation.
Last Updated30/07/2024
New Zealand values the protection of individual privacy, acknowledging the Universal Declaration of Human Rights(https://en.wikipedia.org/wiki/Universal_Declaration_of_Human_Rights) and the International Covenant on Civil and Political Rights(https://en.wikipedia.org/wiki/International_Covenant_on_Civil_and_Political_Rights).
Digital data submission has become more common, and we often provide it without a second thought. Two critical laws come into play when privacy is breached: the Privacy Act and the Harmful Digital Communications Act (HDCA).
The Privacy Act controls how 'agencies' manage personal information through 13 Privacy Principles.
Updated in December 2020, the Act ensures better protection and reflects modern information collection and storage methods. Notably, it does not cover personal information used solely for personal or domestic affairs unless it would be highly offensive to a reasonable person.
The Act grants greater protection for individuals and introduces new obligations for businesses, including mandatory reporting of serious breaches and increased fines for non-compliance.
Anyone can be an "agency" under the Act: “agency means any person or body of persons, whether corporate or non-corporate, and whether in the public sector or the private sector.”
If you suspect an agency is mishandling your information, you can request the Privacy Commissioner to determine if there has been an "interference with privacy."
The Office of the Privacy Commissioner (OPC)(https://www.privacy.org.nz/) is an independent Crown Entity responsible for investigating privacy complaints. If an agency has violated any of the privacy principles and is unwilling to resolve the issue, the OPC can provide guidance. The OPC may take action on your behalf through the Human Rights Commission, which can offer various settlements, including awarding damages up to $200,000.
The Harmful Digital Communications Act (HDCA)(/our-work/helpline-services/the-harmful-digital-communications-act), addresses harmful digital communications.
It outlines 10 communication principles, with two specifically related to privacy breaches:
Netsafe helps resolve complaints related to these principles. Whilst not an enforcement agency, Netsafe has a high-resolution rate with resolving reports.
If someone shares information you consider to be personal and sensitive, such as medical information or intimate content (referred to as image-based abuse(/online-abuse-and-harassment/image-based-abuse)), this could be a privacy breach and violation of these Principles.
It is not uncommon for legitimate organisations to have their data compromised, and when this happens it might mean your data has been affected.
Sometimes the data may be made available for purchase and download on the Dark Web. Criminals may use the information from these data breaches to try to access your accounts or create new accounts in your name.
Learn more about data breaches.(/online-safety-at-home/data-breach)
If you suspect your privacy has been breached, remain alert to any emails or calls asking for anything suspicious like your passwords or to verify account details.
Legitimate organisations will never ask for passwords to your online accounts without your contacting them first.
If you suspect you've had a privacy breach you should collect evidence such as screenshots.
Follow our guidelines for how to record digital evidence effectively.
You can contact Netsafe seven days a week for free, confidential and non-judgmental advice about an online issue impacting you or someone you know.
You may want to visit Have I been Pwned?(https://haveibeenpwned.com/) to see if your details are there.
Several large/public data breaches have been added so the site acts like a repository of data breaches and lets you check to see if your account has been comprised.
Netsafe is not affiliated with this website, and has not verified the data contained there.
Recommended
Keeping your accounts safe online is crucial for protecting your personal information from unauthorised access.
Get to grips with anti-virus software and why it’s essential for cyber-security.
The Harmful Digital Communications Act (HDCA) is New Zealand legislation in relation to certain online behaviour. Find out what redress is available with Netsafe support.
A data breach is a security incident where unauthorized access can lead to the theft of personal information. Find out what to do if this happens to you.